From 90fe3b255d68d75348f5eac04ed502f3acad3f31 Mon Sep 17 00:00:00 2001
From: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Date: Mon, 25 Feb 2019 09:12:20 -0500
Subject: [PATCH] Release 1.19.4

- [BUGFIX] Check buffer bounds when looking up version in 0-RTT blob.
- [BUGFIX] http_client: don't fetch 0-rtt info if handshake failed.
- Log number of pacer calls at DEBUG, rather than NOTICE, level.
---
 CHANGELOG                        |  6 ++++++
 include/lsquic.h                 |  2 +-
 src/liblsquic/lsquic_full_conn.c |  6 ++++--
 src/liblsquic/lsquic_handshake.c | 15 +++++++++++++++
 src/liblsquic/lsquic_handshake.h |  3 +++
 src/liblsquic/lsquic_pacer.c     |  2 +-
 test/http_client.c               |  3 +--
 7 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 415f828cb..906f9719c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+2019-02-15
+    - 1.19.4
+    - [BUGFIX] Check buffer bounds when looking up version in 0-RTT blob.
+    - [BUGFIX] http_client: don't fetch 0-rtt info if handshake failed.
+    - Log number of pacer calls at DEBUG, rather than NOTICE, level.
+
 2019-02-18
     - 1.19.3
     - [BUGFIX] Q044: don't encode packet number in 6 bytes.  Six-byte
diff --git a/include/lsquic.h b/include/lsquic.h
index 1ef70af23..590950c9f 100644
--- a/include/lsquic.h
+++ b/include/lsquic.h
@@ -25,7 +25,7 @@ extern "C" {
 
 #define LSQUIC_MAJOR_VERSION 1
 #define LSQUIC_MINOR_VERSION 19
-#define LSQUIC_PATCH_VERSION 3
+#define LSQUIC_PATCH_VERSION 4
 
 /**
  * Engine flags:
diff --git a/src/liblsquic/lsquic_full_conn.c b/src/liblsquic/lsquic_full_conn.c
index 829b3947b..96ec934b5 100644
--- a/src/liblsquic/lsquic_full_conn.c
+++ b/src/liblsquic/lsquic_full_conn.c
@@ -16,6 +16,8 @@
 #endif
 #include <sys/queue.h>
 
+#include <openssl/ssl.h>
+
 #include "lsquic_types.h"
 #include "lsquic.h"
 #include "lsquic_alarmset.h"
@@ -51,6 +53,7 @@
 #include "lsquic_version.h"
 #include "lsquic_hash.h"
 #include "lsquic_headers.h"
+#include "lsquic_handshake.h"
 
 #include "lsquic_conn.h"
 #include "lsquic_conn_public.h"
@@ -650,8 +653,7 @@ full_conn_client_new (struct lsquic_engine_public *enpub,
     version = highest_bit_set(enpub->enp_settings.es_versions);
     if (zero_rtt)
     {
-        zero_rtt_version = lsquic_tag2ver(
-                ((struct lsquic_zero_rtt_storage *)zero_rtt)->quic_version_tag);
+        zero_rtt_version = lsquic_zero_rtt_version(zero_rtt, zero_rtt_len);
         if (zero_rtt_version < N_LSQVER &&
             ((1 << zero_rtt_version) & enpub->enp_settings.es_versions))
             version = zero_rtt_version;
diff --git a/src/liblsquic/lsquic_handshake.c b/src/liblsquic/lsquic_handshake.c
index 8eef2b7c7..db5d378a2 100644
--- a/src/liblsquic/lsquic_handshake.c
+++ b/src/liblsquic/lsquic_handshake.c
@@ -1971,3 +1971,18 @@ const char *const lsquic_enclev2str[] =
     [ENC_LEV_INIT]  = "initial",
     [ENC_LEV_FORW]  = "forw-secure",
 };
+
+
+enum lsquic_version
+lsquic_zero_rtt_version (const unsigned char *buf, size_t bufsz)
+{
+    lsquic_ver_tag_t tag;
+
+    if (bufsz >= sizeof(tag))
+    {
+        memcpy(&tag, buf, sizeof(tag));
+        return lsquic_tag2ver(tag);
+    }
+    else
+        return -1;
+}
diff --git a/src/liblsquic/lsquic_handshake.h b/src/liblsquic/lsquic_handshake.h
index 6b0ad8c01..8c0b4f130 100644
--- a/src/liblsquic/lsquic_handshake.h
+++ b/src/liblsquic/lsquic_handshake.h
@@ -202,4 +202,7 @@ struct enc_session_funcs lsquic_enc_session_gquic_1;
 #define select_esf_by_ver(ver) \
     (ver ? &lsquic_enc_session_gquic_1 : &lsquic_enc_session_gquic_1)
 
+enum lsquic_version
+lsquic_zero_rtt_version (const unsigned char *, size_t);
+
 #endif
diff --git a/src/liblsquic/lsquic_pacer.c b/src/liblsquic/lsquic_pacer.c
index 8c61e24a9..7f0c95162 100644
--- a/src/liblsquic/lsquic_pacer.c
+++ b/src/liblsquic/lsquic_pacer.c
@@ -37,7 +37,7 @@ void
 pacer_cleanup (struct pacer *pacer)
 {
 #ifndef NDEBUG
-    LSQ_NOTICE("scheduled calls: %u", pacer->pa_stats.n_scheduled);
+    LSQ_DEBUG("scheduled calls: %u", pacer->pa_stats.n_scheduled);
 #endif
 }
 
diff --git a/test/http_client.c b/test/http_client.c
index 0210cb691..b333fa217 100644
--- a/test/http_client.c
+++ b/test/http_client.c
@@ -358,8 +358,7 @@ http_client_on_hsk_done (lsquic_conn_t *conn, enum lsquic_hsk_status status)
     else
         LSQ_INFO("handshake success %s",
                                 status == LSQ_HSK_0RTT_OK ? "with 0-RTT" : "");
-    if (!(client_ctx->hcc_flags & HCC_RTT_INFO) ||
-        ((client_ctx->hcc_flags & HCC_RTT_INFO) && status != LSQ_HSK_0RTT_OK))
+    if (status == LSQ_HSK_OK)
     {
         ret = lsquic_conn_get_zero_rtt(conn, client_ctx->hcc_zero_rtt,
                                             client_ctx->hcc_zero_rtt_max_len);